The European Union’s ambitious goal that 75 percent of EU organisations should use cloud computing services by 2030, is a clear indication of how crucial a role sovereign cloud services will play in building the continent’s self-sufficient digital economy over the next few years.
Alongside concerns about geopolitical and economic volatility, the question of data sovereignty has markedly returned to the forefront of debate for the region’s digital businesses and governments.
This is now a critical issue – the need to resolve legal and operational ambiguities around where data is stored, who has access to this and precisely what legislation governs data held in different physical locations is fuelling an upturn in action. Businesses of all sizes have woken up to the fact that failure to address this could have hard-hitting consequences including fines for non-compliance and long term, costly, reputational damage.
Investing in a sovereign cloud for Europe
Precipitated by unpredictable trade policies, including recent announcements on US tariffs, fears are echoing across Europe about our reliance on the large cloud providers headquartered in the United States. Recent research has found that, in the UK, more than half of the country’s IT leaders plan to reduce reliance on US-based providers, with 45 percent actively looking to limit exposure to US jurisdiction.
US laws like the CLOUD Act, which could oblige American providers to hand over data to authorities regardless of where it is physically stored, highlight the distinct legal grey areas of cross border data governance and security.
Many consider that this leaves the European economy vulnerable, with heads turning towards initiatives such as IPCEI-CIS (Important Projects of Common European Interest on Cloud Infrastructure and Services) – a major effort to develop a secure, sovereign cloud framework compliant with EU laws like GDPR.
Backed by more than 100 companies, IPCEI-CIS isn’t just about regulation. It’s also about vastly reducing dependence on US providers, offering secure local storage facilities and providing a base for digital technology innovation. It is no surprise that hyperscalers like Azure and AWS are participating in this effort, alongside specialist European providers, to find a workable solution.
Regaining control over data
IT professionals are rightly concerned about putting clear and robust data storage provision in place for their organisations. In doing so, they should have the buy-in and support from their leadership team. Translating data sovereignty from theory into practice is challenging, with strategic business implications at board-level if this is not done correctly.
For example, every business should involve its legal and finance teams, where GDPR and similar laws demand exacting levels of compliance and granular control over data handling and storage processes. Non-compliance in these areas could result in large fines, legal action and long-term damage to stakeholder trust – all of which have impact across an organisation.
No matter what size of company, customers are keener than ever to iron out ambiguities around the location of their data and what jurisdiction it falls under. Even smaller organisations have a responsibility to be clear on the legal stance of their data strategies. Unlike large enterprises, these often lack the legal, financial and technical resources to effectively navigate this area and must then rely on the counsel of third-party cloud providers for advice.
The challenge for providers is to be prepared to deliver the guidance so much needed. It is no longer sufficient for IT managers to accept vague answers about the location of their data, or what legislation this falls under – in fact, if something is not answered with absolute clarity then action is required.
IT managers opting for repatriation
In this uncertain environment, many IT managers are in favour of repatriating some, or all, of their data away from public cloud services to on-premise servers or private clouds. In fact, recent research indicates that repatriation is a popular and practical choice; one survey found that 21 percent of workloads and data had been moved away from public cloud, while an IDC report concluded that around 80 percent of IT professionals expected some level of repatriation in data and workloads.
In reality, this is far from abandoning cloud services. More accurately, IT managers are making informed choices to refine their cloud choices. Repatriating specific data sets is a decision to claim more control over data, who can access this and achieve certainty that it complies with local legislation.
In addition, using on-premise or private clouds in a hybrid IT model can improve performance, lower costs and it can provide the highest levels of security from third-party risks or foreign government access for the most sensitive or proprietary data.
Confident data sovereignty
Although every organisation will approach its data sovereignty strategy differently, each has to reach the same outcome – that of being confident in the storage and handling of its data. This is no longer a distant theory, it’s a fundamental business issue that must be addressed at the most senior level.
The majority of organisations will require a partner to help reshape infrastructure, policies and processes. Looking for a partner that goes beyond a basic service is a necessity and will make the difference to whether a company is truly sovereign ready or not.
The ability to deliver proactive consultancy, guarantee details of data residency, reassurance on compliance and providing end-to-end security to protect data will all set a provider apart. And by asking the right questions now, every company can share a responsibility to achieve a self-governing, resilient and independent digital economy in Europe.
About the Author
Terry Storrar is managing director at Leaseweb UK. Leaseweb is a leading Cloud services and Infrastructure-as-a-Service (IaaS) provider serving a worldwide portfolio of 20,000 customers ranging from SMBs to Enterprises. Services include Public Cloud, Private Cloud, Hybrid Hosting, Colocation, Content Delivery Network, Cyber Security Services, and Dedicated Servers supported by exceptional customer service and technical support. With more than 80,000 servers under management, we have provided infrastructure for mission-critical websites, Internet applications, e-mail servers, security, and storage services since 1997. We have a global footprint of 20+ data centers across Europe, Asia, Australia, and North America, all of which are backed by a superior global network with a total capacity of more than 10 Tbps.
Featured image: photoyasya
